Buhtrap Analysis

Activities

Timeline

The timeline shows how the vulnerabilities associated with this actor are distributed over time. It makes less important periods and more severe hotspots visible at a glance, so that single vulnerabilities and vulnerability collections can be handled with the appropriate approach, and immediate vulnerability response and prioritization of issues can be initiated.

Lang

en: 63
de: 9
es: 1

Country

ru: 72
us: 1

Actors

Buhtrap: 8

Activities / Interest (charts not reproduced)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 1.49 | CVE-2017-0055
2 | WooCommerce PayU India Payment Gateway Plugin Purchase Price input validation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2019-14978
3 | HP 3PAR Service Processor SP information disclosure | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.07 | CVE-2015-5443
4 | Apache HTTP Server smbvalid/smbval authensmb memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-1999-1237
5 | Oracle Java SE/Java SE Embedded Deployment memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2013-5788
6 | WooCommerce Instamojo Payment Gateway Plugin Purchase amount Price input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-14977
7 | Texas Imperial Software WFTPD MKD/CWD Command memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-1999-0950
8 | Apache Tomcat URL Pattern 7pk security | 6.6 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2018-1304
9 | SAP Download Manager Key Local Privilege Escalation | 5.0 | 5.0 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.05 | CVE-2016-3684
10 | DotNetNuke Installation Wizard InstallWizard.aspx access control | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2015-2794
11 | Citrix SD-WAN Center/Netscaler SD-WAN command injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2019-10883
12 | Tor Browser Anonymity information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2017-16639
13 | PortSwigger Burp Suite Server Certificate Validator certificate validation | 5.2 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-10377
14 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2015-0988
15 | HP Network Switch access control | 8.4 | 8.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2015-6860
16 | Comdev eCommerce wce.download.php path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2005-2543
17 | e107 CMS download.php extract unknown vulnerability | 5.4 | 4.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | (none)
18 | Microsoft Edge information disclosure | 3.9 | 3.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-11833
19 | Apple Mac OS X apache_mod_php deserialization | 8.5 | 7.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2015-6834
20 | Microsoft Chess Titan Chess.exe denial of service | 5.5 | 5.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | (none)

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High

IOA - Indicator of Attack (62)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /payu/icpcheckout/ | High
2 | File | /uncpath/ | Medium
3 | File | adclick.php | Medium
4 | File | admin.php | Medium
5 | File | adrotate.pm | Medium
6 | File | article.php | Medium
7 | File | asn1fix_retrieve.c | High

References (1)

The following list contains external sources which discuss the actor and the associated activities:
